Ticket #2180 (new defect)

Opened 4 months ago

Last modified 4 months ago

http: cookie bugs

Reported by: gjdfgh Owned by:
Priority: normal Component: avformat
Version: git-master Keywords:
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

  1. if a cookies string is set, but no domain matches, lavf sends "Cookie: (null)". This is because it passes NULL to snprintf() somewhere.
  1. ffmpeg erreneously includes the port number as part of the domain name for cookies, if the port number is included in the URL. For example, I was testing with the URL " http://localhost:10000/", and cookies for "localhost" were ignored. Using "localhost:10000" as domain name in the cookies string works, but I believe the port number should not be part of the domain name. At least wget disagrees.

Change History

comment:1 Changed 4 months ago by cehoyos

Please provide a failing command line including complete, uncut console output.

comment:2 Changed 4 months ago by gjdfgh

But I'm not using ffmpeg by command line.

comment:3 Changed 4 months ago by cehoyos

Then please explain how the problem can be reproduced and why it is not reproducible with ffmpeg (the application).

comment:4 Changed 4 months ago by gjdfgh 

$ ffmpeg -cookies "NAME=VALUE; path=/; domain=localhost; secure " -i http://localhost:10000/test.mkv
ffmpeg version N-49529-gb45a3e1 Copyright (c) 2000-2013 the FFmpeg developers
  built on Feb  2 2013 13:06:37 with gcc 4.7 (Debian 4.7.2-5)
  configuration: --prefix=/tmp/fftemp
  libavutil      52. 17.100 / 52. 17.100
  libavcodec     54. 91.100 / 54. 91.100
  libavformat    54. 61.104 / 54. 61.104
  libavdevice    54.  3.103 / 54.  3.103
  libavfilter     3. 35.100 /  3. 35.100
  libswscale      2.  2.100 /  2.  2.100
  libswresample   0. 17.102 /  0. 17.102

Receiving side:

$ nc -l -p 10000
GET /test.mkv HTTP/1.1
User-Agent: Lavf54.61.104
Accept: */*
Range: bytes=0-
Connection: close
Host: localhost:10000
Cookie: (null)

"(null)" is obviously not a valid cookie value. This demonstrates the two issues I pointed out.

Also, I've noticed an unrelated cookie issue: with some sites, ffmpeg seems to accumulate "bad cookies". You can try with  mpv and vimeo links. On every seek (http reconnect), ffmpeg prints an additional warning reading "[http @ 0x8a43da0]Invalid cookie found, no value, path or domain specified" (e.g. the 10th seek will print 10 such messages). However, I'm far too lazy to analyze this.

Note: See TracTickets for help on using tickets.